What this shows is that 3 devices on my network have requested an IP address from the DHCP server, and the snooping process noted the returned DHCPOFFER. With the source interface of the request, the MAC of the requestor, and the IP from the offer, the switch was able to build this table. So, if DAI uses this table to allow/deny traffic, what does DAI think is going on in my network? DAI thinks that only 3 devices exist on my network (2 of them on f1/0/1 and 1 on f1/0/4). However, take a look at my show mac address-table dynamic output:

I’ve got several devices on this switch! These “other devices” most likely don’t exist in the DHCP snooping bindings table because they have static IP assignments (like my printer and file server).

One way to get around DAI’s dependence on the DHCP snooping bindings table is to set an interface to the trusted state. By default, all interfaces are untrusted by DAI. Setting an interface to trusted causes DAI to “allow all” ARP traffic on that port without inspecting it. Use the (config-if)#ip arp inspection trust command to set an interface to the trusted state.

Alas, I don’t want to configure the ports connecting to my file server and printer as trusted ports, because they might get unplugged and moved to a different port (or what if a “hacker” unplugged my printer and tried to ARP poison my switch!). I don’t like this option, but the only other way I know to deal with IP-to-MAC mappings for DAI is to create an ARP ACL and associate that ACL with the ARP inspection process.
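Here is what the two approaches above look like side by side as an IOS configuration, written as an added example rather than taken from the post: the uplink to the DHCP server is the only port marked trusted, and the statically addressed printer and file server are covered by an ARP ACL instead of trusted ports. The VLAN number (1), the uplink interface (g1/0/24) and the two MAC addresses are placeholders; the real MACs are whatever show ip arp reports for 192.168.1.250 and 192.168.1.252.

```cisco
! DHCP snooping must already be running, since DAI falls back on its binding table
ip dhcp snooping
ip dhcp snooping vlan 1
!
! Only the port that faces the DHCP server is trusted (placeholder interface)
interface GigabitEthernet1/0/24
 description Uplink toward DHCP server
 ip dhcp snooping trust
 ip arp inspection trust
!
! ARP ACL for hosts with static addresses; MACs below are placeholders,
! replace them with the values from "show ip arp"
arp access-list STATIC-HOSTS
 permit ip host 192.168.1.250 mac host aaaa.bbbb.0250
 permit ip host 192.168.1.252 mac host aaaa.bbbb.0252
!
! Consult the ARP ACL first; without the "static" keyword, ARP packets that
! match no permit entry are still checked against the DHCP snooping bindings.
! Adding "static" would make the ACL's implicit deny final and drop them.
ip arp inspection filter STATIC-HOSTS vlan 1
!
! Turn DAI on for the VLAN; all access ports stay untrusted and are inspected
ip arp inspection vlan 1
```

Because the ACL binds the IP to a MAC rather than to a port, the printer can be moved to any untrusted port and its ARP replies still pass, while a different host on any port claiming 192.168.1.250 is dropped and logged by DAI.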

I know that my printer is 192.168.1.250 and my file server is 192.168.1.252. From my switch I ping those IPs to ensure that they are up and that their MAC addresses are known by the switch. Using show ip arp I get the following: